Not an issue 1.52 try #1

Open
Sethpaien opened this issue Apr 14, 2017 · 1 comment
Comments

@Sethpaien

Sorry to make an issue for this, it's just a way to have a place to talk about it.
I've tried to make it work on 1.52 unsuccessfully; the system seems to be vulnerable,
but it always fails to modify the UaF'd target's length.
Is there any way to ensure that GBC is called?
The first loop in butterflySpray is 0x1000 * 0x40, the next one is 0x1000 * 0x80; I may be missing something.
Got better results with the previous ps4playground exploit but was never able to get ROP execution (just writing) (even with Cturt, who kindly answered a few questions months ago);
maybe being able to get memory read/write from ps4playground could help to debug this one?
Not sure because of GBC.

@Cryptogenic
Owner

@Sethpaien If the UaF'd target's length isn't getting modified then the object might not be getting free'd properly so it's not getting overwritten by the spray, or the memory layout has changed so much that maybe the spray isn't reaching the free'd object's memory, not incredibly sure. I'd try messing with the memory pressure and spray sizes.
